Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Identifying the Smallest Adversarial Load Perturbation that Renders DC-OPF Infeasible

Samuel Chevalier, William A. Wheeler

TL;DR

This work addresses the problem of finding the globally smallest load perturbation $δ^*$ that renders DC-OPF infeasible, a nonconvex adversarial attack problem with important implications for grid reliability and cybersecurity. The authors formulate the attack via a parameterized Farkas lemma and develop a primal defense through an affine control policy $p = p_0 + Gδ$ that yields solvability guarantees, enabling upper and lower bounds to be squeezed toward a common global solution. They prove a simplex-based result showing that, under certain geometric conditions, the defense region can tightly match the attack region, and they demonstrate the approach on PGLib test cases, achieving near-global convergence in several instances and quantifying gaps in larger networks. The findings offer a principled way to quantify and improve DC-OPF robustness to load perturbations, with potential applications in robust operation, cybersecurity, and ML verification of grid performance. Extensions to AC-OPF and more flexible control policies could broaden applicability and scalability.

Abstract

What is the globally smallest load perturbation that renders DC-OPF infeasible? Reliably identifying such "adversarial attack" perturbations has useful applications in a variety of emerging grid-related contexts, including machine learning performance verification, cybersecurity, and operational robustness of power systems dominated by stochastic renewable energy resources. In this paper, we formulate the inherently nonconvex adversarial attack problem by applying a parameterized version of Farkas' lemma to a perturbed set of DC-OPF equations. Since the resulting formulation is very hard to globally optimize, we also propose a parameterized generation control policy which, when applied to the primal DC-OPF problem, provides solvability guarantees. Together, these nonconvex problems provide guaranteed upper and lower bounds on adversarial attack size; by combining them into a single optimization problem, we can efficiently "squeeze" these bounds towards a common global solution. We apply these methods on a range of small- to medium-sized test cases from PGLib, benchmarking our results against the best adversarial attack lower bounds provided by Gurobi 12.0's spatial Branch and Bound solver.

Identifying the Smallest Adversarial Load Perturbation that Renders DC-OPF Infeasible

TL;DR

This work addresses the problem of finding the globally smallest load perturbation that renders DC-OPF infeasible, a nonconvex adversarial attack problem with important implications for grid reliability and cybersecurity. The authors formulate the attack via a parameterized Farkas lemma and develop a primal defense through an affine control policy that yields solvability guarantees, enabling upper and lower bounds to be squeezed toward a common global solution. They prove a simplex-based result showing that, under certain geometric conditions, the defense region can tightly match the attack region, and they demonstrate the approach on PGLib test cases, achieving near-global convergence in several instances and quantifying gaps in larger networks. The findings offer a principled way to quantify and improve DC-OPF robustness to load perturbations, with potential applications in robust operation, cybersecurity, and ML verification of grid performance. Extensions to AC-OPF and more flexible control policies could broaden applicability and scalability.

Abstract

What is the globally smallest load perturbation that renders DC-OPF infeasible? Reliably identifying such "adversarial attack" perturbations has useful applications in a variety of emerging grid-related contexts, including machine learning performance verification, cybersecurity, and operational robustness of power systems dominated by stochastic renewable energy resources. In this paper, we formulate the inherently nonconvex adversarial attack problem by applying a parameterized version of Farkas' lemma to a perturbed set of DC-OPF equations. Since the resulting formulation is very hard to globally optimize, we also propose a parameterized generation control policy which, when applied to the primal DC-OPF problem, provides solvability guarantees. Together, these nonconvex problems provide guaranteed upper and lower bounds on adversarial attack size; by combining them into a single optimization problem, we can efficiently "squeeze" these bounds towards a common global solution. We apply these methods on a range of small- to medium-sized test cases from PGLib, benchmarking our results against the best adversarial attack lower bounds provided by Gurobi 12.0's spatial Branch and Bound solver.

Paper Structure

This paper contains 13 sections, 3 theorems, 48 equations, 7 figures, 2 tables.

Table of Contents

  1. Introduction
  2. DC-OPF Modeling
  3. DC-OPF Adversarial Attacks
  4. Lower bounding the adversarial attack
  5. Improving the adversarial attack lower bound via parameterized control policy
  6. Optimal parameterized control policies can tightly bound the adversarial attack region
  7. Adversarial Attack Solution Procedure
  8. Numerical Test Results
  9. Test setup
  10. Case study: 5-bus network
  11. Larger network test results
  12. Conclusion
  13. Acknowledgments

Key Result

Lemma 1

There is no adversarial attack smaller than $t^*$.

Figures (7)

  • Figure 1: Depicted is the globally smallest load perturbation, $\delta^*$, which renders DC-OPF infeasible along with a local solution, $\delta_{\rm ub}$, which upper bounds the attack size. Minimizing distance to infeasibility is a nonconvex problem.
  • Figure 2: The left plot shows the simplex, ${\mathcal{S}}^*$, in two dimensions, where the largest perturbation ball is inscribed inside. The extreme points of ${\mathcal{S}}^*$ map to feasible solutions $p$ of the injection space, which might be a space of higher or lower dimensions.
  • Figure 3: Three different base load operating conditions (black dots). In each panel, the feasible perturbation region ${\mathcal{S}}^*$ is the same, but the smallest perturbation to infeasibility $\delta^*$ is different, since it depends on the base operating point. The extreme points $\delta_1$, $\delta_2$, and $\delta_3$ are selected differently in each case, so that they always fall within the space of feasible perturbations. In the first two examples, simplexes exist which fully contain the ball $\Delta$ from \ref{['eq: Delta']}. However, in the third case, no simplex can be drawn which fully contains $\Delta$.
  • Figure 4: Model \ref{['model:minimum_perturbation']}, which seeks the smallest adversarial attack, generally struggles to raise its lower bound. Model \ref{['model:epi']}, which finds a defensive control policy, has a solution $t^*$ which is potentially below $\left\Vert \delta^*\right\Vert _{2}^{2}$. Both models, however, are guaranteed to converge at the uncrossable line if there is a simplex containing the perturbation ball $\Delta$. This is exploited in Model \ref{['model:mod4']} (Appendix \ref{['AppE']}), which squeezes the first two model bounds together.
  • Figure 5: Iterative branch and bound solutions (recorded via callbacks) to the 5-bus test case for Models \ref{['model:minimum_perturbation']} (attack) and \ref{['model:epi']} (defend). Neither model can prove its bound, but the incumbents associated with both models closely match when Gurobi is initialized.
  • ...and 2 more figures

Theorems & Definitions (13)

  • Definition 1: Adversarial attack
  • Remark 1
  • Remark 2
  • proof
  • Remark 3
  • Lemma 1
  • proof
  • Remark 4
  • Definition 2: Simplex
  • Lemma 2
  • ...and 3 more